<?php

// ---------------------------------------------------------------------------
// login.php template: opening tag and the check_ip() helper.
//
// The nowdoc body is copied verbatim into the generated file; nothing inside it
// is evaluated by this generator.
//
// Generated check_ip($db, $idusuario, $remote) reads the Lista_IP rows for the
// user and returns '1' when a row is '*' or when a row's text occurs anywhere
// inside $remote; otherwise it returns '0'.
//
// NOTE(review): the strstr() test is a substring match, not an address or
// prefix comparison, so an entry also admits any address that merely contains
// it. Confirm the intended Lista_IP format before tightening it.
// NOTE(review): $idusuario is interpolated into the SQL text, and sprintf() is
// called with no arguments, so a '%' in that value would be parsed as a format
// directive. The visible caller passes a column read from Usuario.
// ---------------------------------------------------------------------------
$login = <<<'CHECK_IP_TPL'
<?php
function check_ip($db, $idusuario, $remote)
{
     $ret = '0';
     $szMsg = sprintf("SELECT ip FROM Lista_IP WHERE idusuario='$idusuario'");
     $result = mysql_query($szMsg, $db);
     if(mysql_num_rows($result) > 0)
     {
          while($myrow = mysql_fetch_row($result))
          {
               if($myrow[0] == '*')
               {
                    $ret = '1';
                    break;
               }
               else if(strstr($remote, $myrow[0]) != '')
               {
                    $ret = '1';
                    break;
               }
          }
     }
     return $ret;
}

CHECK_IP_TPL;

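// ---------------------------------------------------------------------------
// login.php template: session start and the login/senha (sign-in) branch.
//
// Everything inside the nowdoc blocks is emitted verbatim into the generated
// file. The only generator-side input read here is $_REQUEST['Title'], which
// selects the "Itaim" variant: two extra Usuario columns (idcliente,
// idfuncionario) are queried and stored in the session.
//
// Differences from the template text previously emitted here:
//   * login and senha pass through mysql_real_escape_string() before they are
//     placed in the SELECT; they used to be formatted in unescaped.
//   * The Acessos log statements escape the login and the "hostname(ip)" text.
//     The hostname comes from a reverse DNS lookup, so it is remote-controlled.
//   * $REMOTE_ADDR is never assigned in the template (presumably it relied on
//     register_globals); it is replaced by $_SERVER['REMOTE_ADDR'], which the
//     same log statements already used.
//   * The stored and computed hashes are compared with !== so that two
//     numeric-looking hash strings are never compared as numbers.
//   * The Fail == 1 log row listed six values where every other Acessos row
//     lists five; it now has the same shape as the others.
//
// NOTE(review): left unchanged, because fixing them needs a data migration or
// a change to the flow other pages rely on:
//   * Passwords are lower-cased and hashed with MySQL OLD_PASSWORD().
//   * A row whose Senha is empty skips both the password comparison and
//     check_ip(); the session USER is set and the browser is sent to ?Troca=1.
//   * The session id is not regenerated after a successful sign-in.
// ---------------------------------------------------------------------------
$isItaim = isset($_REQUEST['Title'])
     && is_string($_REQUEST['Title'])
     && strpos($_REQUEST['Title'], 'Itaim') !== false;

$login .= <<<'LOGIN_TPL'
session_start();
if(isset($_REQUEST['login']) && isset($_REQUEST['senha']))
{
     $DIR = 0;
     $login = strtolower($_REQUEST['login']);
     $senha = strtolower($_REQUEST['senha']);
     require 'conexao.inc.php';
     $sqlLogin = mysql_real_escape_string($login, $db);
     $sqlSenha = mysql_real_escape_string($senha, $db);

LOGIN_TPL;

// Column list of the credential query; the Itaim variant reads two more columns.
$loginColumns = "Login,Senha,OLD_PASSWORD('%s'),idUsuario,idTipo_usuario";
if($isItaim)
{
     $loginColumns .= ',idcliente,idfuncionario';
}
$login .= '     $szMsg = sprintf("SELECT ' . $loginColumns . ' FROM Usuario WHERE Login=\'%s\'", $sqlSenha, $sqlLogin);' . "\n";

$login .= <<<'LOGIN_TPL'
     $result = mysql_query($szMsg, $db);
     $Fail = 0;
     if(mysql_num_rows($result) <= 0)
     {
          $Fail = 1;
     }
     else
     {
          while($myrow = mysql_fetch_row($result))
          {
               if($myrow[1] == '')
               {
                    $PWD = 1;
               }
               else
               {
                    $PWD = 0;
                    if(strtolower($myrow[1]) !== strtolower($myrow[2]))
                    {
                         $Fail = 2;
                    }
                    else
                    {
                         if(check_ip($db, $myrow[3], $_SERVER['REMOTE_ADDR']) == 0)
                         {
                              $Fail = 3;
                         }
                         else
                         {
                              $DIR = $myrow[2];
                              $ID = $myrow[3];
                              $TIPO = $myrow[4];

LOGIN_TPL;

if($isItaim)
{
     $login .= <<<'LOGIN_TPL'
                              $CLIENTE = $myrow[5];
                              $IDFUNCIONARIO = $myrow[6];

LOGIN_TPL;
}

// Failure handling: each Fail code writes one Acessos row and redirects with
// the matching Msg value (1 = unknown login, 2 = wrong password, 3 = IP not
// allowed, as rendered by the form at the end of the template).
$login .= <<<'LOGIN_TPL'
                         }
                    }
               }
          }
     }
     if($Fail == 1)
     {
          $name = gethostbyaddr($_SERVER['REMOTE_ADDR']);
          $sqlOrigem = mysql_real_escape_string($name . '(' . $_SERVER['REMOTE_ADDR'] . ')', $db);
          $szMsg = "REPLACE INTO Acessos VALUES('0','$sqlLogin','$sqlOrigem',NOW(),'2')";
          $result = mysql_query($szMsg, $db);
          Header('Location: login.php?Msg=1');
          exit;
     }
     if($Fail == 2)
     {
          $name = gethostbyaddr($_SERVER['REMOTE_ADDR']);
          $sqlOrigem = mysql_real_escape_string($name . '(' . $_SERVER['REMOTE_ADDR'] . ')', $db);
          $szMsg = "REPLACE INTO Acessos VALUES('0','$sqlLogin','$sqlOrigem',NOW(),'3')";
          $result = mysql_query($szMsg, $db);
          session_unset();
          Header('Location: login.php?Msg=2');
          exit;
     }
     if($Fail == 3)
     {
          $name = gethostbyaddr($_SERVER['REMOTE_ADDR']);
          $sqlOrigem = mysql_real_escape_string($name . '(' . $_SERVER['REMOTE_ADDR'] . ')', $db);
          $szMsg = "REPLACE INTO Acessos VALUES('0','$sqlLogin','$sqlOrigem',NOW(),'4')";
          $result = mysql_query($szMsg, $db);
          session_unset();
          Header('Location: login.php?Msg=3');
          exit;
     }
     if($PWD == 1)
     {
          $_SESSION['USER'] = $login;
          Header("Location: login.php?Troca=1");
          exit;
     }
     $_SESSION['USER'] = $login;
     $_SESSION['PW'] = $PWD;
     $_SESSION['ID'] = $ID;
     $_SESSION['TIPO'] = $TIPO;

LOGIN_TPL;

if($isItaim)
{
     $login .= <<<'LOGIN_TPL'
     $_SESSION['IDFUNCIONARIO'] = $IDFUNCIONARIO;
     if($CLIENTE > 0)
     {
          $_SESSION['CLIENTE'] = $CLIENTE;
     }

LOGIN_TPL;
}
else
{
     $login .= <<<'LOGIN_TPL'
     $_SESSION['IDFUNCIONARIO'] = $ID;

LOGIN_TPL;
}

// Successful sign-in: log it with code '1' and hand over to index.php.
$login .= <<<'LOGIN_TPL'
     $name = gethostbyaddr($_SERVER['REMOTE_ADDR']);
     $sqlOrigem = mysql_real_escape_string($name . '(' . $_SERVER['REMOTE_ADDR'] . ')', $db);
     $szMsg = "REPLACE INTO Acessos VALUES('0','$sqlLogin','$sqlOrigem',NOW(),'1')";
     $result = mysql_query($szMsg, $db);
     mysql_close($db);
     Header('Location: index.php');
     exit;
}

LOGIN_TPL;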
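// ---------------------------------------------------------------------------
// login.php template: the pwd1/pwd2 (set new password) branch.
//
// The branch stores OLD_PASSWORD(pwd1) for the session USER, reloads that
// user's row, fills the session and redirects to index.php.
//
// Differences from the template text previously emitted here:
//   * The branch now redirects to login.php when no session USER exists; it
//     used to run the UPDATE with an empty Login.
//   * pwd1 is passed to sprintf() as an escaped argument. It used to be
//     interpolated into the format string itself, so quotes reached the SQL
//     text and a '%' was parsed as a format directive.
//   * The session USER and the access-log values are SQL-escaped.
//   * pwd1 and pwd2 are compared with !== so that numeric-looking strings are
//     not compared as numbers.
//   * $REMOTE_ADDR is never assigned in the template (presumably it relied on
//     register_globals); $_SERVER['REMOTE_ADDR'] is used instead.
//
// NOTE(review): left unchanged:
//   * check_ip() is not consulted in this branch.
//   * $Fail is set when the row is missing but never acted upon, so $ID and
//     $TIPO can be undefined when they are copied into the session.
//   * Passwords are lower-cased and hashed with MySQL OLD_PASSWORD().
// ---------------------------------------------------------------------------
$isItaim = isset($_REQUEST['Title'])
     && is_string($_REQUEST['Title'])
     && strpos($_REQUEST['Title'], 'Itaim') !== false;

$login .= <<<'PWD_TPL'
else if(isset($_REQUEST['pwd1']) && isset($_REQUEST['pwd2']))
{
     if(!isset($_SESSION['USER']) || $_SESSION['USER'] == '')
     {
          Header('Location: login.php');
          exit;
     }
     $pwd1 = strtolower($_REQUEST['pwd1']);
     $pwd2 = strtolower($_REQUEST['pwd2']);
     if($pwd1 !== $pwd2)
     {
          Header('Location: login.php?Troca=1');
          exit;
     }
     if($pwd1 == '')
     {
          Header('Location: login.php?Troca=1');
          exit;
     }
     require 'conexao.inc.php';
     $sqlPwd = mysql_real_escape_string($pwd1, $db);
     $sqlUser = mysql_real_escape_string(strtolower($_SESSION['USER']), $db);
     $szMsg = sprintf("UPDATE Usuario SET Senha=OLD_PASSWORD('%s') WHERE Login='%s'", $sqlPwd, $sqlUser);
     $result = mysql_query($szMsg, $db);

PWD_TPL;

// Column list of the reload query; the Itaim variant reads two more columns.
$pwdColumns = "Login,Senha,OLD_PASSWORD('%s'),idUsuario,idTipo_usuario";
if($isItaim)
{
     $pwdColumns .= ',idcliente,idfuncionario';
}
$login .= '     $szMsg = sprintf("SELECT ' . $pwdColumns . ' FROM Usuario WHERE Login=\'%s\'", $sqlPwd, $sqlUser);' . "\n";

$login .= <<<'PWD_TPL'
     $result = mysql_query($szMsg, $db);
     $Fail = 0;
     if(mysql_num_rows($result) <= 0)
     {
          $Fail = 1;
     }
     else
     {
          while($myrow = mysql_fetch_row($result))
          {
               $login = $myrow[0];
               $DIR = $myrow[2];
               $ID = $myrow[3];
               $TIPO = $myrow[4];

PWD_TPL;

if($isItaim)
{
     $login .= <<<'PWD_TPL'
               $CLIENTE = $myrow[5];
               $IDFUNCIONARIO = $myrow[6];

PWD_TPL;
}

$login .= <<<'PWD_TPL'
          }
     }
     $_SESSION['PW'] = 0;
     $_SESSION['ID'] = $ID;
     $_SESSION['TIPO'] = $TIPO;

PWD_TPL;

if($isItaim)
{
     $login .= <<<'PWD_TPL'
     $_SESSION['IDFUNCIONARIO'] = $IDFUNCIONARIO;
     if($CLIENTE > 0)
     {
          $_SESSION['CLIENTE'] = $CLIENTE;
     }

PWD_TPL;
}
else
{
     $login .= <<<'PWD_TPL'
     $_SESSION['IDFUNCIONARIO'] = $ID;

PWD_TPL;
}

// Log the sign-in that follows the password change (code '1') and redirect.
$login .= <<<'PWD_TPL'
     $name = gethostbyaddr($_SERVER['REMOTE_ADDR']);
     $sqlLogin = mysql_real_escape_string($login, $db);
     $sqlOrigem = mysql_real_escape_string($name . '(' . $_SERVER['REMOTE_ADDR'] . ')', $db);
     $szMsg = "REPLACE INTO Acessos VALUES('0','$sqlLogin','$sqlOrigem',NOW(),'1')";
     $result = mysql_query($szMsg, $db);
     mysql_close($db);
     Header('Location: index.php');
     exit;
}

PWD_TPL;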
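// ---------------------------------------------------------------------------
// login.php template: the Troca (password reset form) branch.
//
// The branch blanks Senha for the session USER and prints a form that posts
// pwd1/pwd2 back to login.php.
//
// Differences from the template text previously emitted here:
//   * $_REQUEST['Title'] was pasted raw into a double-quoted PHP string of the
//     generated file, so a quote, backslash or '$' in it became PHP source in
//     login.php. It is now HTML-encoded and then escaped for that string
//     context.
//   * The branch redirects to login.php when no session USER exists; it used
//     to run the UPDATE with an empty Login.
//   * The session USER is SQL-escaped in the UPDATE and HTML-encoded in the
//     heading.
//   * The onload attribute nested single quotes inside a single-quoted value,
//     which ended the attribute early; the inner quotes are now &quot;.
//
// NOTE(review): left unchanged. Any request that carries Troca while a session
// USER exists clears the stored password before a new one has been submitted,
// and the branch is reachable with GET. Resetting only when the new password
// is saved, behind an anti-CSRF token, would close this, but it changes the
// flow that other pages link to.
// ---------------------------------------------------------------------------
$pageTitle = (isset($_REQUEST['Title']) && is_string($_REQUEST['Title'])) ? $_REQUEST['Title'] : '';
$pageTitleHtml = htmlspecialchars($pageTitle, ENT_QUOTES, 'UTF-8');
// Inside a double-quoted PHP literal a backslash and '$' are still live after
// HTML encoding, so both are escaped for the generated source.
$pageTitlePhp = strtr($pageTitleHtml, array('\\' => '\\\\', '$' => '\\$'));

$login .= <<<'TROCA_TPL'
else if(isset($_REQUEST['Troca']))
{
     if(!isset($_SESSION['USER']) || $_SESSION['USER'] == '')
     {
          Header('Location: login.php');
          exit;
     }
     require 'conexao.inc.php';
     mysql_select_db('Audit', $db);
     $szMsg = sprintf("UPDATE Usuario SET Senha='' WHERE Login='%s'", mysql_real_escape_string(strtolower($_SESSION['USER']), $db));
     $result = mysql_query($szMsg, $db);
     mysql_close($db);
     $html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html>
     <head>
          <meta http-equiv='Content-Type' content='text/html; charset=utf-8' />

TROCA_TPL;

$login .= "          <title>" . $pageTitlePhp . " - Administrativo</title>\n";

$login .= <<<'TROCA_TPL'
          <style type='text/css'>
               body{ font: 70% 'Trebuchet MS', sans-serif; margin: 5px;}

TROCA_TPL;

// Optional logo background, emitted only when the installer request sets LOGOTIPO.
if(isset($_REQUEST['LOGOTIPO']))
{
     $login .= "               html{ width: 100%; height: 100%;background:url(img/logo.png) center center no-repeat;}\n";
}

$login .= <<<'TROCA_TPL'
          </style>
     </head>
     <body onload='document.getElementById(&quot;pwd1&quot;).focus();'>
          <center>
               <h2>Usuario: " . htmlspecialchars($_SESSION['USER'], ENT_QUOTES) . "</h2>
               <h2>Favor entrar com sua Senha</h2>
               <form action='login.php' method='post'>
                    <table border='0'>
                         <tr>
                              <th align='right'>Senha:</th>
                              <td align='left'><input type='password' name='pwd1' id='pwd1' value=''/></td>
                         </tr>
                         <tr>
                              <th align='right'>Confirme:</th>
                              <td align='left'><input type='password' name='pwd2' value=''/></td>
                         </tr>
                         <tr>
                              <td align='center' colspan='2'><input type='submit' value='OK' /></td>
                         </tr>
                    </table>
               </form>
               <p><a href='.'>Voltar</a></p>
          </center>
     </body>
</html>";
     echo $html;
     exit;
}

TROCA_TPL;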
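// ---------------------------------------------------------------------------
// login.php template: the Logout branch and the closing PHP tag.
//
// The branch writes an Acessos row with code '0', clears the session variables
// and redirects to index.php.
//
// Differences from the template text previously emitted here:
//   * The second session_start() is gone. The template already starts the
//     session before the branch chain, and a repeated call raises a notice
//     that can be printed ahead of the Location header.
//   * A missing session USER is logged as an empty login instead of reading an
//     undefined index.
//   * The login and the "hostname(ip)" text are SQL-escaped; the hostname
//     comes from a reverse DNS lookup.
//   * $REMOTE_ADDR is never assigned in the template (presumably it relied on
//     register_globals); $_SERVER['REMOTE_ADDR'] is used instead.
// ---------------------------------------------------------------------------
$login .= <<<'LOGOUT_TPL'
else if(isset($_REQUEST['Logout']))
{
     require 'conexao.inc.php';
     $login = isset($_SESSION['USER']) ? $_SESSION['USER'] : '';
     $name = gethostbyaddr($_SERVER['REMOTE_ADDR']);
     $sqlLogin = mysql_real_escape_string($login, $db);
     $sqlOrigem = mysql_real_escape_string($name . '(' . $_SERVER['REMOTE_ADDR'] . ')', $db);
     $szMsg = "REPLACE INTO Acessos VALUES('0','$sqlLogin','$sqlOrigem',NOW(),'0')";
     $result = mysql_query($szMsg, $db);
     mysql_close($db);
     session_unset();
     Header('Location: index.php');
     exit;
}
?>

LOGOUT_TPL;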
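// ---------------------------------------------------------------------------
// login.php template: the HTML sign-in form shown when no branch above exits.
//
// Differences from the template text previously emitted here:
//   * $_REQUEST['Title'] was pasted raw into the part of the generated file
//     that sits outside the PHP tags, so markup in it, including a PHP open
//     tag, became part of login.php. It is now HTML-encoded.
//   * The login value was printed with the short open tag "<?", which is plain
//     text when short_open_tag is off, and without encoding. It now uses
//     "<?php" and htmlspecialchars(); the value is the session USER, which
//     comes from the submitted login.
//
// The Msg request value only selects one of three fixed messages, so it is
// never echoed itself.
// ---------------------------------------------------------------------------
$formTitle = (isset($_REQUEST['Title']) && is_string($_REQUEST['Title'])) ? $_REQUEST['Title'] : '';
$formTitleHtml = htmlspecialchars($formTitle, ENT_QUOTES, 'UTF-8');

$login .= <<<'FORM_TPL'
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
     <head>
          <meta http-equiv='Content-Type' content='text/html; charset=utf-8' />

FORM_TPL;

$login .= "          <title>" . $formTitleHtml . " - Administrativo</title>\n";

$login .= <<<'FORM_TPL'
          <style type='text/css'>
               body{ font: 70% 'Trebuchet MS', sans-serif; margin: 5px;}

FORM_TPL;

// Optional logo background, emitted only when the installer request sets LOGOTIPO.
if(isset($_REQUEST['LOGOTIPO']))
{
     $login .= "               html{ width: 100%; height: 100%;background:url(img/logo.png) center center no-repeat;}\n";
}

$login .= <<<'FORM_TPL'
          </style>
     </head>
     <body onload='document.getElementById("login").focus();'>
          <center>
               <?php
               $lg = '';
               if(isset($_SESSION['USER']))
               {
                    $lg = $_SESSION['USER'];
               }
               else if(isset($_REQUEST['Msg']))
               {
                    if($_REQUEST['Msg'] == '1')
                    {
                         $msg = 'Login não localizado';
                    }
                    else if($_REQUEST['Msg'] == '2')
                    {
                         $msg = 'Senha não confere';
                    }
                    else
                    {
                         $msg = 'Acesso não liberado para essa localidade';
                    }
                    printf("<h1><font color='#FF0000'>%s</font></h1>", $msg);
               }
               ?>
               <h2>Favor entrar com seu login e Senha</h2>
               <form action='login.php' method='post'>
                    <table>
                         <tr>
                              <th align='right'>Login:</th>
                              <td align='left'><input type='text' name='login' id='login' value='<?php echo htmlspecialchars($lg, ENT_QUOTES); ?>'/></td>
                         </tr>
                         <tr>
                              <th align='right'>Senha:</th>
                              <td align='left'><input type='password' name='senha' value=''/></td>
                         </tr>
                         <tr>
                              <td align='center' colspan='2'><input type='submit' value='OK' /></td>
                         </tr>
                    </table>
               </form>
          </center>
     </body>
</html>

FORM_TPL;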

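// Write the assembled template to <$diretorio>/login.php.
// NOTE(review): $diretorio is not assigned anywhere in this file. Confirm that
// the including script sets it from a trusted value, because it decides where
// executable PHP is written.
$FILE = sprintf("%s/login.php", $diretorio);
$fPHP = fopen($FILE, "w");
if(!$fPHP)
{
     // The path is echoed into HTML, so it is encoded first.
     echo "<h1>Falha na Criação do Arquivo '" . htmlspecialchars($FILE, ENT_QUOTES) . "'</h1>";
     exit;
}
// fwrite() emits the same bytes as fprintf("%s") and its return value shows
// whether the whole template was written.
$bytesWritten = fwrite($fPHP, $login);
fclose($fPHP);
if($bytesWritten === false || $bytesWritten < strlen($login))
{
     // A short write would leave a truncated login.php behind; report it the
     // same way as a failed open.
     echo "<h1>Falha na Criação do Arquivo '" . htmlspecialchars($FILE, ENT_QUOTES) . "'</h1>";
     exit;
}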
?>
